Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Nozomi Networks — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting Nozomi Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nozomi Networks specializes in industrial cybersecurity, providing visibility and threat detection for operational technology environments. The company’s software solutions monitor critical infrastructure, including energy, manufacturing, and transportation sectors, to identify anomalies in network traffic and device behavior. Historically, the platform has been associated with forty-three recorded Common Vulnerabilities and Exposures, primarily involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from improper input validation or insufficient access controls within the management interfaces. While no catastrophic breaches directly attributed to these specific CVEs have been widely publicized, the high count indicates recurring issues in authentication mechanisms and session management. The security profile suggests that while the core detection engine is robust, the administrative components require rigorous patching and hardening to prevent unauthorized access. Continuous updates are essential to mitigate risks associated with these known weaknesses in the industrial IoT landscape.

Found 35 results / 43Clear Filters
Top products by Nozomi Networks: Guardian Arc CMC
CVE IDTitleCVSSSeverityPublished
CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 — GuardianCWE-79 8.9 High2026-04-15
CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 — GuardianCWE-863 8.1 High2026-04-15
CVE-2025-40894 HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 — GuardianCWE-79 4.4 Medium2026-03-04
CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 — GuardianCWE-22 8.1 High2025-12-18
CVE-2025-40893 HTML injection in Asset List in Guardian/CMC before 25.5.0 — GuardianCWE-79 6.1 Medium2025-12-18
CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 — GuardianCWE-79 8.9 High2025-12-18
CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 — GuardianCWE-79 4.7 Medium2025-12-18
CVE-2025-40890 Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 — GuardianCWE-79 7.9 High2025-11-25
CVE-2025-40888 Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0 — GuardianCWE-89 5.3 Medium2025-10-07
CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0 — GuardianCWE-22 8.1 High2025-10-07
CVE-2025-40887 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89 5.3 Medium2025-10-07
CVE-2025-40886 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89 7.5 High2025-10-07
CVE-2025-40885 Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0 — GuardianCWE-89 5.3 Medium2025-10-07
CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0 — GuardianCWE-863 8.1 High2025-10-07
CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0 — GuardianCWE-22 7.9 High2025-10-07
CVE-2024-13090 Privilege escalation in Guardian/CMC before 24.6.0 — GuardianCWE-250 7.0 High2025-06-10
CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 — GuardianCWE-78 7.2 High2025-06-10
CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 — GuardianCWE-863 6.0 Medium2024-09-11
CVE-2024-0218 DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1 — GuardianCWE-1286 7.5 High2024-04-10
CVE-2023-6916 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 — GuardianCWE-201 7.2 High2024-04-10
CVE-2023-5253 Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 — GuardianCWE-306 5.3 Medium2024-01-15
CVE-2023-32649 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-1286 7.5 High2023-09-19
CVE-2023-29245 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-89 8.1 High2023-09-19
CVE-2023-2567 Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 — GuardianCWE-89 8.8 High2023-09-19
CVE-2023-23903 DoS via SAML configuration in Guardian/CMC before 22.6.2 — GuardianCWE-1286 4.9 Medium2023-08-09
CVE-2023-24015 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 — GuardianCWE-1286 4.3 Medium2023-08-09
CVE-2023-24471 Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 — GuardianCWE-863 6.5 Medium2023-08-09
CVE-2023-22843 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 — GuardianCWE-79 6.4 Medium2023-08-09
CVE-2023-23574 Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 — GuardianCWE-89 8.8 High2023-08-09
CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 — GuardianCWE-89 8.8 High2023-08-09

This page lists every published CVE security advisory associated with Nozomi Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.